Possible fraud?
-
Hi,
Stripe contacted us with a message:
You reached out because you noticed a large number of errors on the Logs page of your Dashboard. After some investigation, we concluded that this was likely some variation on what is called a card testing attack. Normally, these attacks entail a series of attempted payments against stolen cards, the results of which the attacker uses to determine which of them are still active. The attacker would be able to gain some form of access to either your payment form or your API itself, and be able to automate the process of creating customers and attempting payments.
In your case, it looks like, instead of attempting payments, they opted to create SetupIntents instead. SetupIntents is a feature by which you can save a card to a Customer object without creating a payment. SetupIntents must authorize a card for future payments before they can be attached; otherwise, it will fail. In this way, they are able to determine which cards are getting declined by their issuer and which ones are still active without making any payments.
While this hasn’t yet caused you any financial damage, it would be prudent to investigate if there are any security vulnerabilities on your end. You may wish to re-roll your API keys just in case.
Given that these customers and the subsequent SetupIntents are generated through your WooCommerce application, you may want to check with them to see if there’s anything that they need to check on their side. For now, you’ve elected to contact your developers first before proceeding.
Can you provide some guidance on what we can do to resolve any intrusion?
We’re running a Wordfence scan at the moment, but that scan never finishes, so we’re waiting on a response from Wordfence support.
Help appreciated.
You must be logged in to reply to this topic.
